# WAF Rule ID 313704  

***  

**Alert message:** Atomicorp.com Malware Removal System: Potentially malicious reverse javascript malware detected in RESPONSE_BODY and removed 

**Rule Class:** Generic Attack Ruleset (98_asl_adv_redactor.conf)

**Version:** 4 

**Severity:** Warning (HIDS: 7)

**HTTP Protocol Phase:** 4 

**HTTP Status:**  

**Action:** pass 

**Options:** No active Response

**Transforms:** 

- compressWhitespace

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com Malware Removal System: Potentially malicious reverse javascript malware detected in RESPONSE_BODY and removed

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 313705  

***  

**Alert message:** Atomicorp.com Malware Removal System: encrypted javascript malware detected in RESPONSE_BODY and removed 

**Rule Class:** Generic Attack Ruleset (98_asl_adv_redactor.conf)

**Version:** 2 

**Severity:** Warning (HIDS: 7)

**HTTP Protocol Phase:** 4 

**HTTP Status:**  

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com Malware Removal System: encrypted javascript malware detected in RESPONSE_BODY and removed

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 373764  

***  

**Alert message:** Atomicorp.com Malware Removal System: Potentially hidden Iframe detected in RESPONSE_BODY and removed 

**Rule Class:** Generic Attack Ruleset (98_asl_adv_redactor.conf)

**Version:** 5 

**Severity:** Warning (HIDS: 7)

**HTTP Protocol Phase:** 4 

**HTTP Status:**  

**Action:** pass 

**Options:** No active Response

**Transforms:** 

- compressWhitespace

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com Malware Removal System: Potentially hidden Iframe detected in RESPONSE_BODY and removed

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 373769  

***  

**Alert message:** Atomicorp.com Malware Removal System: Potentially hidden Iframe detected in RESPONSE_BODY and removed 

**Rule Class:** Generic Attack Ruleset (98_asl_adv_redactor.conf)

**Version:** 1 

**Severity:** Warning (HIDS: 7)

**HTTP Protocol Phase:** 4 

**HTTP Status:**  

**Action:** pass 

**Options:** No active Response

**Transforms:** 

- compressWhitespace

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com Malware Removal System: Potentially hidden Iframe detected in RESPONSE_BODY and removed

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 373723  

***  

**Alert message:** Atomicorp.com Malware Removal System: Hidden Iframe detected in RESPONSE_BODY and removed 

**Rule Class:** Generic Attack Ruleset (98_asl_adv_redactor.conf)

**Version:** 1 

**Severity:** Warning (HIDS: 7)

**HTTP Protocol Phase:** 4 

**HTTP Status:**  

**Action:** pass 

**Options:** No active Response

**Transforms:** 

- compressWhitespace

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com Malware Removal System: Hidden Iframe detected in RESPONSE_BODY and removed

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 373763  

***  

**Alert message:** Atomicorp.com Malware Removal System: Hidden Iframe detected in RESPONSE_BODY and removed 

**Rule Class:** Generic Attack Ruleset (98_asl_adv_redactor.conf)

**Version:** 6 

**Severity:** Warning (HIDS: 7)

**HTTP Protocol Phase:** 4 

**HTTP Status:**  

**Action:** pass 

**Options:** No active Response

**Transforms:** 

- compressWhitespace

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com Malware Removal System: Hidden Iframe detected in RESPONSE_BODY and removed

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 373767  

***  

**Alert message:** Atomicorp.com Malware Removal System: Potentially hidden Iframe detected in RESPONSE_BODY and removed 

**Rule Class:** Generic Attack Ruleset (98_asl_adv_redactor.conf)

**Version:** 2 

**Severity:** Warning (HIDS: 7)

**HTTP Protocol Phase:** 4 

**HTTP Status:**  

**Action:** pass 

**Options:** No active Response

**Transforms:** 

- compressWhitespace

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com Malware Removal System: Potentially hidden Iframe detected in RESPONSE_BODY and removed

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 373765  

***  

**Alert message:** Atomicorp.com Malware Removal System: Potentially hidden Iframe detected in RESPONSE_BODY and removed 

**Rule Class:** Generic Attack Ruleset (98_asl_adv_redactor.conf)

**Version:** 4 

**Severity:** Warning (HIDS: 7)

**HTTP Protocol Phase:** 4 

**HTTP Status:**  

**Action:** pass 

**Options:** No active Response

**Transforms:** 

- compressWhitespace

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com Malware Removal System: Potentially hidden Iframe detected in RESPONSE_BODY and removed

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 373766  

***  

**Alert message:** Atomicorp.com Malware Removal System: Encoded Iframe detected in RESPONSE_BODY and removed 

**Rule Class:** Generic Attack Ruleset (98_asl_adv_redactor.conf)

**Version:** 2 

**Severity:** Warning (HIDS: 7)

**HTTP Protocol Phase:** 4 

**HTTP Status:**  

**Action:** pass 

**Options:** No active Response

**Transforms:** 

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com Malware Removal System: Encoded Iframe detected in RESPONSE_BODY and removed

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 373786  

***  

**Alert message:** Atomicorp.com Malware Removal System: Malicious Javascript detected in RESPONSE_BODY and removed 

**Rule Class:** Generic Attack Ruleset (98_asl_adv_redactor.conf)

**Version:** 2 

**Severity:** Warning (HIDS: 7)

**HTTP Protocol Phase:** 4 

**HTTP Status:**  

**Action:** pass 

**Options:** No active Response

**Transforms:** 

- compressWhitespace

- lowercase

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com Malware Removal System: Malicious Javascript detected in RESPONSE_BODY and removed

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 361029  

***  

**Alert message:** Atomicorp.com Malware Removal System:  Malware domain detected in webserver output and REMOVED. 

**Rule Class:** Generic Attack Ruleset (98_asl_adv_redactor.conf)

**Version:** 2 

**Severity:** Warning (HIDS: 7)

**HTTP Protocol Phase:** 4 

**HTTP Status:**  

**Action:** pass 

**Options:** No active Response

**Transforms:** 

- htmlEntityDecode

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com Malware Removal System:  Malware domain detected in webserver output and REMOVED.

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 361139  

***  

**Alert message:** Atomicorp.com Spam Removal System:  Spam domain detected in webserver output and REMOVED. 

**Rule Class:** Generic Attack Ruleset (98_asl_adv_redactor.conf)

**Version:** 2 

**Severity:** Warning (HIDS: 7)

**HTTP Protocol Phase:** 4 

**HTTP Status:**  

**Action:** pass 

**Options:** No active Response

**Transforms:** 

- htmlEntityDecode

- urlDecodeUni

**Log Types:** 

- Basic Information (log)

- Capture full session (auditlog)

**Description:**

 Atomicorp.com Spam Removal System:  Spam domain detected in webserver output and REMOVED.

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 373896  

***  

**Alert message:** Atomicorp.com Malware Removal System: Potentially malicious javascript in RESPONSE_BODY removed 

**Rule Class:** Generic Attack Ruleset (98_asl_adv_redactor.conf)

**Version:** 1 

**Severity:** Warning (HIDS: 7)

**HTTP Protocol Phase:** 4 

**HTTP Status:**  

**Action:** pass 

**Options:** No active Response

**Transforms:** 

- compressWhitespace

- lowercase

**Log Types:** 

- Basic Information (log)

**Description:**

 Atomicorp.com Malware Removal System: Potentially malicious javascript in RESPONSE_BODY removed

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

# WAF Rule ID 373795  

***  

**Alert message:** Atomicorp.com Malware Removal System: Potentially malicious javascript before initial html tag in RESPONSE_BODY removed 

**Rule Class:** Generic Attack Ruleset (98_asl_adv_redactor.conf)

**Version:** 7 

**Severity:** Warning (HIDS: 7)

**HTTP Protocol Phase:** 4 

**HTTP Status:**  

**Action:** pass 

**Options:** No active Response

**Transforms:** 

- compressWhitespace

- lowercase

**Log Types:** 

- Basic Information (log)

**Description:**

 Atomicorp.com Malware Removal System: Potentially malicious javascript before initial html tag in RESPONSE_BODY removed

**Troubleshooting:**

**False Positives:**

Instructions to report false positives are detailed at [Reporting False Positives](https://wiki.atomicorp.com/wiki/index.php/Reporting_False_Positives)  If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

**Configuration Notes:** 

- enabled by: MODSEC_10_RULES 

- Requires Engine version: 2.9.0 or above

**Tuning guidance Notes:** 

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the [Atomicorp WAF Rules](https://wiki.atomicorp.com/wiki/index.php/Mod_security)

**Additional Information:**

**Similar rules:**

None.

**Outside References:**

None.

